ipfw3: match multiple ports in a rule

Bill Yuan bycn82 at gmail.com
Fri Nov 25 05:38:22 PST 2016


Hi Chuck,

Sorry for replying late. I was super busy recently.

Yes, ipfw3 supports an 'or' block, and we can use 'or' to join all the
filters, so your firewall rules can be shortened to:

      ipfw3 add [rule number] allow tcp to 1.2.3.4 dst-port 22 or 80



Regards,
Bill Yuan




On 24 November 2016 at 16:52, Chuck Musser <cmusser at sonic.net> wrote:

>
> > On Nov 23, 2016, at 11:58 PM, Freddie Cash <fjwcash at gmail.com> wrote:
> >
> > Separate ports with commas (22,80) to specify multiple ports in a rule.
> > And you can do ranges too using dashes: 22,80,10000-10100.
>
> Yes, the man page does describe that, and some of my attempts used it (the
> comma separated list, not the range). The specific results were:
>
> ipfw3 add 101 set 1 allow tcp to 1.2.3.4 22,80
> ipfw3: bad command `22,80'
>
> That one's just invalid.
>
> ipfw3 add 100 set 1 allow tcp to 1.2.3.4 dst-port 22,80
> ipfw3 list 100
> 00100  allow tcp to 1.2.3.4 dst-port 22
>
> It added the first port, not the second.
>
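
The listing quoted above shows the failure mode to guard against: `dst-port 22,80` was accepted, but only port 22 ended up in the rule. The following is an added example (not from the thread or from ipfw3 itself) that compares a listed rule line with the ports the rule was meant to match; the function names are hypothetical, and the way an 'or' rule appears in the listing is an assumption.

```shell
#!/bin/sh
# Added example: verify that a listed rule covers every intended port.

# Print the dst-port values found in one listed rule line, sorted and
# separated by spaces. Accepts "dst-port 22", "dst-port 22,80" and
# "dst-port 22 or 80" (the last listing form is an assumption; the thread
# only shows the first).
listed_ports() {
    printf '%s\n' "$1" | awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i != "dst-port") continue
                for (j = i + 1; j <= NF; j++) {
                    if ($j == "or") continue             # joiner between ports
                    if ($j !~ /^[0-9][0-9,-]*$/) break   # end of the port list
                    n = split($j, parts, ",")
                    for (k = 1; k <= n; k++) if (parts[k] != "") print parts[k]
                }
                break
            }
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Return 0 when the listed rule matches exactly the expected ports.
# $1 = listed rule line, $2 = expected ports separated by spaces
check_rule() {
    want=$(printf '%s\n' $2 | sort -n | tr '\n' ' ' | sed 's/ $//')
    have=$(listed_ports "$1")
    if [ "$want" = "$have" ]; then
        return 0
    fi
    echo "rule mismatch: wanted [$want], listed [$have]" >&2
    return 1
}

# Constructed sample lines; the first is the listing quoted in the thread.
TRUNCATED='00100  allow tcp to 1.2.3.4 dst-port 22'
JOINED='00100  allow tcp to 1.2.3.4 dst-port 22 or 80'   # assumed listing form

# On a live system the line would come from: ipfw3 list 100
check_rule "$TRUNCATED" "22 80" || echo "rule 100 does not cover every intended port"
check_rule "$JOINED" "22 80" && echo "rule 100 covers 22 and 80"
```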